Ios – Why some iphone apps won’t finish ssl handshake with Charles Proxy

iosiphonePROXYreverse-engineeringssl

I am using Charles Proxy to see all of the traffic that is coming out of my iphone. I have the ssl certificate/profile installed on my iphone and I can see a lot of the traffic that is ssl encrypted. However, some applications seem to not finish the ssl handshake.

The error is: "SSLHandshake: Remote host closed connection during handshake" and then Charles Proxy suggests to configure the application to trust the Charles Root Certificate. I thought I did when I installed the profile onto my iphone?

Any explanation of this/way to fix it?

Best Answer

Yes, SSL pinning is a possibility. Although as of iOS 10.3, you must take an additional step to trust the Charles Root Certificate ~~that is not currently documented on their website~~ edit: this info is now under iOS Devices here: https://www.charlesproxy.com/documentation/using-charles/ssl-certificates/

Settings > General > About > Certificate Trust Testings

Source: https://www.neglectedpotential.com/2017/04/trusting-custom-root-certificates-on-ios-10-3/

Related Solutions

Android – How to configure SSL certificates with Charles Web Proxy and the latest Android Emulator on Windows

To remotely capture http or https traffic with charles you will need to do the following:

HOST - Machine running Charles and hosting the proxy CLIENT – User’s machine generating the traffic you will capture

Host Machine

Install fully licensed charles version
Proxy -> Proxy Settings -> check “Enable Transparent HTTP Proxying”
Proxy -> SSL Proxying Settings -> check “enable SSL Proxying”
Proxy -> SSL Proxying Settings -> click Add button and input * in both fields
Proxy -> Access Control Settings -> Add your local subnet (ex: 192.168.2.0/24) to authorize all machines on your local network to use the proxy from another machine
It might be advisable to set up the “auto save tool” in charles, this will auto save and rotate the charles logs.

Client Machine:

Install and permanently accept/trust the charles SSL certificate
http://www.charlesproxy.com/documentation/using-charles/ssl-certificates/
Configure IE, Firefox, and Chrome to use the socket charles is hosting the proxy on (ex: 192.168.1.100:8888)

When I tested this out I picked up two lines of a Facebook HTTPS chat (one was a line TO someone, and the other FROM)

you can also capture android emulator traffic this way if you start the emulator with:

emulator -avd <avd name> -http-proxy http://local_ip:8888/

Where LOCAL_IP is the IP address of your computer, not 127.0.0.1 as that is the IP address of the emulated phone.

Source: http://brakertech.com/capture-https-traffic-remotely-with-charles/

Charles proxy fails on SSL Connect Method

From iOS 10.3 you also need to go to Settings > General > About > Certificate Trust Settings and trust Charles certificate.

Best Answer

Related Solutions

Android – How to configure SSL certificates with Charles Web Proxy and the latest Android Emulator on Windows

Charles proxy fails on SSL Connect Method

Related Topic